The extension for Chrome web browser, with the name NoCoin, gained 230 downloads before Google deleted it, according to Harry Denley, who runs cryptocurrency scam database EtherscamDB.

Denley noted that hackers had purposely disguised the malicious extension to look like a tool protecting users from cryptocurrency malware or so-called cryptojacking.

“From the start, it looked like it did what it should — it was detected [sic] various CryptoJacking scripts […] and there was a nice UI to let me know it was doing its job,” he explained in the blog post.

Behind the facade, however, it became apparent the extension requests the input of private keys from popular wallet interfaces MyEtherWallet (MEW) and Blockchain.com. Private keys are then sent to hackers, who can empty wallets of holdings.

The extension lay at the end of a fake giveaway campaign, ostensibly from crypto exchange Huobi, which offered worthless ERC20Ethereum network-based tokens to unwitting consumers.

It is unknown how long the extension remained available for Google Chrome users.

As Cointelegraph continues to report, bad actors targeting cryptocurrency users have sought increasingly nefarious methods of tricking novices into handing over access to funds. Just this week, a report identified cryptojacking as a sign of increasingly discreet behavior among hackers.

Google itself has come under fire for its own apparent lack of diligence in the past, in February pulling a fake version of popular decentralized app MetaMask from its Play store.

As Cointelegraph reported last month, users of cryptocurrency wallets Electrum and MEW were also facing phishing attacks, according to posts published on Reddit and Twitter.